We claim 

1. A method of signing and authenticating a message m in a public key data communication
system, comprising the steps of:

in a secure computer system; 

(a) generating a first short term private key 

(b) computing a first short term public key derived from said first short term private key
t,

(c) computing a first signature component r by using said first short term public key k] 

(d) generating a second short term private key t; 

(e) computing a second signature component s by using said second short term private 
key t on said message m, said long term private key and said first signature 
component r; 

(f) computing a third signature component c using said first and second short term
private keys t and k respectively, and sending said signature components (r, s, c) as a
masked digital signature of said message m to a receiver computer system; in said
receiver system;

(g) using said second and third signature components (s, c) computing a normal signature
component s̄ and sending said signature components (s̄, r) as a normal digital
signature to a receiver verifier computer system; and in said verifier system

(h) verifying said normal signature. 

2. A method as defined in claim 1, said first short term private key k is an integer and
said first short term public key is derived by computing the value kP = (x1, y1)
wherein P is a point of prime order n in E(Fq), wherein E is an elliptic curve defined
over Fq.

3. A method as defined in claim 2, said first signature component r having a form
defined by r = x (mod n) wherein x is derived by converting said coordinate to an
integer.

4. A method as defined in claim 3, said second short term private key being an integer
selected such that 2 < t < (n-2), and said second signature component being defined
by s = t(e + dr) (mod n), wherein e is a hash of said message m.

5. A method as defined in claim 4, said third signature component being defined by c =
tk (mod n).

6. A method as defined in claim 5, said normal signature component s̄ being defined by
s̄ = c⁻¹s mod n.

7. A method of generating a digital signature S of a message in a data communication
system, wherein the signor of the message has a private key and a public key y
derived from an element g and said private key d, said method comprising the steps
of:

(a) generating a short term private key k, 

(b) computing a first short term public key derived from said short term private key k;

(c) computing a first signature component r by using said first short term public key;

(d) generating a second short term private key t;

(e) computing a second signature component s by using said second short term 
private key t on said message m, said long term private key and first signature 
component r; 

(f) computing a third signature component c using said first and second short term 
private keys t and k respectively; 

(g) sending said signature components (r, s, c) as a masked digital signature of said
message m to a receiver computer system.

8. A method as defined in claim 7 including the step of in said receiver computer
system, using said second and third signature components (s, r) computing a normal
signature component s̄, and sending said signature components (s̄, r) as a normal
digital signature to a verifier computer system, and verifying said normal signature (s̄,
r) by said verifier system.

9. A method as defined in claim 8 including the step of in said receiver system, using
said second and third signature components (s, c) computing a normal signature
component s̄, to derive normal digital signature components (s̄, r); and
verifying said normal signature components.

10. A processing means for assigning a message m without performing inversion
operations and including a long term private key contained within a secure boundary
and a long term public key derived from said private key and a generator of
predetermined order in a field, said processing means comprising:

within said secure boundary; 

means for generating a first short term private key; 

means for generating a second short term private key; 

means for generating a first signature component using at least said second short term 
session key; and 

generating a masked signature component using said first and second short term
session keys to produce masked signature components of said message m.

11. A processing means as defined in claim 10, including means for converting said
signature components to a normal signature component; and

means for transmitting said normal signature components to a recipient. 